Executive Summary

Summary
Title virt:8.1 and virt-devel:8.1 security update
Informations
Name RHSA-2020:0555 First vendor Publication 2020-02-19
Vendor RedHat Last vendor Modification 2020-02-19
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Overall CVSS Score 6.5
Base Score 6.5 Environmental Score 6.5
impact SubScore 4 Temporal Score 6.5
Exploitabality Sub Score 2
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Changed Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.0.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Advanced Virtualization CodeReady Builder for RHEL 8.1.0 - aarch64, ppc64le, s390x, x86_64 Advanced Virtualization for RHEL 8.1.0 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM hypervisor in environments managed by Red Hat products.

Security Fix(es):

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2020-0555.html

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 4
Application 1
Application 1
Os 1
Os 3
Os 2
Os 2
Os 1
Os 1
Os 6
Os 1
Os 5
Os 5
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2020-05-23 13:03:45
  • Multiple Updates
2020-03-19 13:19:59
  • First insertion